Coffee – Moderately critical – Cross Site Scripting – SA-CONTRIB-2024-011

Drupal Security Advisory

Project: 
Date: 2024-February-28
Vulnerability: Cross Site Scripting
Affected versions: <1.4.0
Description: 

The Coffee module helps you to navigate through the Drupal admin menus faster with a shortcut popup.

The module doesn’t sufficiently escape menu names when displaying them in the popup, thereby exposing a cross-site scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer menus and menu links”.
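The class of bug described above, as an added example that is not taken from the Coffee module or from this advisory: a popup renderer that concatenates stored menu names into markup, next to a version that escapes them, with a check suitable for a regression test. All function names and the sample menu links are hypothetical.

```javascript
// Added example: hypothetical popup renderer, not the Coffee module's code.

// Constructed sample data: menu links as a user with the
// "Administer menus and menu links" permission could have saved them.
const menuLinks = [
  { label: 'Content', url: '/admin/content' },
  { label: 'Reports <img src=x onerror=alert(1)>', url: '/admin/reports' },
];

// Escape the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored label is concatenated into markup as-is.
function renderPopupUnsafe(links) {
  return '<ul>' + links.map((l) =>
    '<li><a href="' + l.url + '">' + l.label + '</a></li>').join('') + '</ul>';
}

// Hardened pattern: every stored value is escaped before it enters markup.
function renderPopupSafe(links) {
  return '<ul>' + links.map((l) =>
    '<li><a href="' + escapeHtml(l.url) + '">' + escapeHtml(l.label) + '</a></li>').join('') + '</ul>';
}

// Regression check: tag names present in the output that the template
// itself never emits (it only emits ul, li and a).
function unexpectedTags(html) {
  const allowed = new Set(['ul', 'li', 'a']);
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name) && !found.includes(name)) found.push(name);
  }
  return found;
}

console.log(unexpectedTags(renderPopupUnsafe(menuLinks))); // [ 'img' ]
console.log(unexpectedTags(renderPopupSafe(menuLinks)));   // []
```

In browser code, assigning the label through `textContent` instead of building an HTML string gives the same result without manual escaping.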

Solution: 

Install the latest version:

Reported By: 
Coordinated By: 
